New research released today from Mimecast has found that the bad threat actors are modifying old exploits as well as changing their attack techniques in which they link to documents or landing pages on well-known cloud platforms using URLs that otherwise would appear to be legitimate.
The report, "Mimecast's Threat Intelligence Report, Black Hat Edition 2019," leverages the processing of some 160 billion emails during the period of April 2019 to June 2019. During this time, Mimecast rejected more than 67 billion of those emails and based its subsequent analysis on rejections classified as spam, opportunistic and targeted attacks, and impersonation detections.
"We have seen a marked increase in malware links," says Josh Douglas, Mimecast's vice president of threat intelligence. "We also found that nearly 30% of the impersonation attacks were targeted at the management and consulting sectors and biotechnology."
Peter Firstbrook, a research vice president who covers security at Gartner, says he doesn't worry too much about attachments and links. That's because most vendors are good at detecting them, and most organizations have endpoint protection and secure Web gateways that serve to backstop email security, he explains. However, he say he's very concerned about impersonation attacks, mainly business email compromises (BECs).
"The BEC-type attacks are the most interesting and difficult to detect," Firstbrook says. "There is no payload or URL to detect. It's typically just a person-to-person email from a legitimate account. Users trust email not knowing or understanding that email is not an authentication method. Companies are losing real money to these types of attacks, and few legacy solutions adequately protect them. Even newer solutions are sti ..
Support the originator by clicking the read the rest link below.
